How to enable or disable GSSAPI authentication in SSH

GSSAPI or Generic Security Service Application Programming Interface allows login to an SSH server via alternative mechanisms such as Kerberos.

It's useful for those who need the feature, but it's enabled by default and could unnecessarily slow the overall login process if you only use the standard password or public-key authentication methods.

You can disable or enable GSSAPI authentication for SSH via GSSAPIAuthentication directive in your SSHd configuration.

GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed. The default is no.

Steps to disable or enable GSSAPI authentication in SSH:

Launch your preferred terminal application (optional).
Open SSHd configuration file using your favorite text editor.
```
$ sudo vi /etc/ssh/sshd_config
[sudo] password for user:
```
Search for GSSAPIAuthentication directive and set the value to no to disable GSSAPIAuthentication authentication method or yes to enable.
```
GSSAPIAuthentication no
```
Add the line if it doesn't already exist and remove # at the beginning of the line if it exists.
Save and exit the text editor.
Reload or restart SSH server service.
```
$ sudo systemctl restart sshd
```
Related: How to start, restart, and stop the SSH server service

Author: Mohd Shakir Zakaria
Cloud architect by profession but always consider himself as a developer, entrepreneur and an opensource enthusiast.

Discuss the article:

Comment anonymously. Login not required.